OpenSSL 1.1 compatibility

Russ Allbery rra at debian.org
Tue Jun 28 18:23:04 UTC 2016


"Cantor, Scott" <cantor.2 at osu.edu> writes:

>> What are your plans for handling the upcoming OpenSSL 1.1 API changes?

> I asked Rod to find some time to look at the issues but other priorities
> got in the way.  Since 1.0.2 will be supported until 2020, I figured
> sometime by end of 2017 was sufficient. Given the impact of breaking
> changes, I can't really see how any Linux distribution could expect to
> stop supporting the old ABI overnight.

Debian *wants* to switch to 1.1 for the next release if possible, but
there's quite a lot of work that would have to be done.  (That's in the
2017 timeframe, but earlier than the end of it.)

> I haven't reviewed it, but my experience tells me that it will not be
> simple, unless it's just a case of it being possible to access the
> structures, but only after allocating them indirectly. If they block
> access to them, I will likely lose functionality, possibly fatally.

It looks like it's a large-scale conversion from direct access to
structures to opaque structures with APIs to get the same data.  So a
largely mechanical change, not a loss of functionality, but one that
requires some work for backward compatibility.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
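The conversion described in the last paragraph, as an added example that is not part of the original message and is not OpenSSL or Shibboleth code: application code is written once against an accessor, and a small shim backfills that accessor when building against the older API that exposes the structure. All `demo_*` names and `DEMO_LIB_VERSION` are hypothetical stand-ins; OpenSSL 1.1's `RSA_get0_key` is a real accessor of this kind.

```c
/* Added example: demo_* and DEMO_LIB_VERSION are hypothetical, not OpenSSL's API. */
#include <stddef.h>
#include <stdlib.h>
#ifndef DEMO_LIB_VERSION
#define DEMO_LIB_VERSION 0x10100000L    /* models a build against the 1.1 API */
#endif
/* ---- "library header" ---- */
#if DEMO_LIB_VERSION < 0x10100000L
typedef struct demo_rsa_st { const unsigned char *n; size_t n_len; } DEMO_RSA; /* public layout */
#else
typedef struct demo_rsa_st DEMO_RSA;    /* incomplete type: callers cannot touch fields */
void demo_rsa_get0_n(const DEMO_RSA *r, const unsigned char **n, size_t *n_len);
#endif

/* ---- application compat shim: backfill the accessor on the old API ---- */
#if DEMO_LIB_VERSION < 0x10100000L
static void demo_rsa_get0_n(const DEMO_RSA *r, const unsigned char **n, size_t *n_len)
{ *n = r->n; *n_len = r->n_len; }
#endif

/* ---- application code: written once, against the accessor only ---- */
size_t modulus_bits(const DEMO_RSA *r) {
    const unsigned char *n; size_t len, i = 0, bits;
    demo_rsa_get0_n(r, &n, &len);
    while (i < len && n[i] == 0) i++;               /* skip leading zero bytes */
    if (i == len) return 0;                         /* empty or all-zero modulus */
    bits = (len - i) * 8;
    for (unsigned char top = n[i]; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* ---- "library internals" (a separate .c file in a real library) ---- */
#if DEMO_LIB_VERSION >= 0x10100000L
struct demo_rsa_st { const unsigned char *n; size_t n_len; };
void demo_rsa_get0_n(const DEMO_RSA *r, const unsigned char **n, size_t *n_len)
{ *n = r->n; *n_len = r->n_len; }
#endif
DEMO_RSA *demo_rsa_new(const unsigned char *n, size_t n_len) {
    DEMO_RSA *r = malloc(sizeof *r);
    if (r) { r->n = n; r->n_len = n_len; }
    return r;
}
void demo_rsa_free(DEMO_RSA *r) { free(r); }
int main(void) {                        /* constructed sample: 00 01 ff is a 9-bit value */
    static const unsigned char n[] = {0x00, 0x01, 0xff};
    DEMO_RSA *k = demo_rsa_new(n, sizeof n);
    int ok = k && modulus_bits(k) == 9;
    demo_rsa_free(k);
    return ok ? 0 : 1;
}
```

Compiling with `-DDEMO_LIB_VERSION=0x10002000L` selects the public-struct path, and `modulus_bits` builds unchanged either way.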


